Skip to content

[3.14] gh-146092: Fix error handling in _BINARY_OP_ADD_FLOAT opcode#146119

Open
vstinner wants to merge 2 commits intopython:3.14from
vstinner:eval_err14
Open

[3.14] gh-146092: Fix error handling in _BINARY_OP_ADD_FLOAT opcode#146119
vstinner wants to merge 2 commits intopython:3.14from
vstinner:eval_err14

Conversation

@vstinner
Copy link
Member

@vstinner vstinner commented Mar 18, 2026
edited by bedevere-app bot
Loading

Fix error handling in _PyFloat_FromDouble_ConsumeInputs() used by _BINARY_OP_ADD_FLOAT, _BINARY_OP_SUBTRACT_FLOAT and _BINARY_OP_MULTIPLY_FLOAT opcodes. PyStackRef_FromPyObjectSteal() must not be called with a NULL pointer.

@vstinner
pythongh-146092: Fix error handling in _BINARY_OP_ADD_FLOAT opcode
3bd1e9d 
Fix error handling in _PyFloat_FromDouble_ConsumeInputs() used by
_BINARY_OP_ADD_FLOAT, _BINARY_OP_SUBTRACT_FLOAT and
_BINARY_OP_MULTIPLY_FLOAT opcodes. PyStackRef_FromPyObjectSteal()
must not be called with a NULL pointer.
@bedevere-app bedevere-app bot mentioned this pull request Mar 18, 2026
Open
@vstinner vstinner mentioned this pull request Mar 18, 2026
Merged
@vstinner
Copy link
Member Author

vstinner commented Mar 18, 2026

cc @Fidget-Spinner

@vstinner vstinner requested a review from markshannon as a code owner March 18, 2026 16:11
@vstinner
Copy link
Member Author

vstinner commented Mar 18, 2026

@Fidget-Spinner: Please review again, I found another bug in _BINARY_OP_INPLACE_ADD_UNICODE opcode. I updated the PR to fix this opcode as well.

            PyUnicode_Append(&temp, right_o);
            Py_DECREF(right_o);
            ERROR_IF(temp == NULL);
            *target_local = PyStackRef_FromPyObjectSteal(temp);

I don't know if *target_local should be set to PyStackRef_NULL on error.

The code in the main branch is different:

            DEAD(left);
            PyUnicode_Append(&temp, right_o);
            _Py_DECREF_SPECIALIZED(right_o, _PyUnicode_ExactDealloc);
            *target_local = PyStackRef_NULL;
            ERROR_IF(temp == NULL);
            res = PyStackRef_FromPyObjectSteal(temp);

@vstinner vstinner requested a review from Fidget-Spinner March 18, 2026 16:21
@Fidget-Spinner
Copy link
Member

Fidget-Spinner commented Mar 18, 2026
edited
Loading

I don't know if *target_local should be set to PyStackRef_NULL on error.

I think setting it to PyStackRef_NULL might be wrong? Not too sure. Basically at that point, *target_local refcnt == 1. If we leave it in locals, it must be PyStackref_CLOSE(frame->localsplus[i]) when the frame is cleared during exception raising.

If you want to be sure. Write a test where the append fails (you can trigger an artificial failure somehow), and check if there's reference leaks. If there's refleaks, then we should not be setting it to PyStackRef_NULL and main is wrong.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@markshannon markshannon Awaiting requested review from markshannon markshannon is a code owner

@Fidget-Spinner Fidget-Spinner Awaiting requested review from Fidget-Spinner

Assignees

No one assigned

Labels

awaiting merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vstinner @Fidget-Spinner